Cisco Blogs


Cisco Blog > Internet of Everything

Extended By Popular Demand: The Cisco IoT Security Grand Challenge

June 16, 2014 at 5:00 am PST

Since its announcement at the RSA 2014 conference, the security community has been actively involved in the Cisco IoT Security Grand Challenge, an industry-wide initiative to bring the best and brightest security minds to the table to help us find innovative IoT security solutions. Thus far, we’ve had dozens of wonderful submissions and they’re still coming in.

Cisco_extension-banner

The initial deadline to make a submission was this coming Tuesday, June 17th. However, the challenge has been so popular that we’ve decided to extend the deadline by two more weeks, to July 1st, to give you an opportunity to complete your best work. After all, we all benefit by ensuring that the things we connect are secure. And with billions of objects networked all over the world, many of which will reside in insecure locations, security is arguably more important for IoT than it has been for any other technology in history.

Cisco will select up to six winners, each of whom will be awarded between $50,000 and $75,000 USD. The winners will be announced, and will have an opportunity to present their winning submission, at the IoT World Forum in Chicago, October 14-16, 2014!

Interested in participating? Visit www.CiscoSecurityGrandChallenge.com for full details about the challenge and prepare your response. Good luck!

Tags: , , , , , , , , , ,

#HigherEdThursdays – Cybersecurity for Higher Education: Is your network protected?

Cybersecurity is a hot topic and a major concern for all organizations.  No one is immune, and indeed, higher education institutions can fall victim to large breaches as well.  In fact, according to PrivacyRights.org, below are a few examples from the last 6 months:

Date Name

Records Lost

22-Apr-14 Iowa State University

29,780

27-Mar-14 The University of Wisconsin-Parkside

15,000

20-Mar-14 Auburn University

Unknown

6-Mar-14 North Dakota State University

290,000

26-Feb-14 Indiana University

146,000

19-Feb-14 University of Maryland

309,079

27-Nov-13 Maricopa County Community College District

2,490,000

Theft, intellectual property loss, and loss of individual’s personal data affect all organizations in varying degrees.  While higher education institutions face many of the same challenges as government and commercial organizations, they also have worries that are unique to their environments. Some of the higher education specific cybersecurity topics include:

  • Data Privacy & Security – Colleges posses the Personal Identifying Information (PII) of their students AND students parents, faculty and alumni – the numbers add up quickly.  In addition to the usual PII, this can also include: medical, financial, academic and other data.
  • Device Mobility – The average student currently has 3 devices and this is expected to grow to 5 devices in the next few years.
  • Application Protection & Control – Education specific applications have become a target for bad actors and file sharing sites cause concern of digital rights violations in Higher Education.
  • Digital Learning & Assessment – On-line classes and testing provide one-to-one learning opportunities, more choice, and cost reduction in Higher Education.  It must be secure
  • Protecting Intellectual Capital – Research universities have become a prime target for intellectual property theft.   They risk loosing valuable data and the possibility of losing grant funding.

Threats have become more sophisticated and protecting the enterprise with these topics in mind needs to be more sophisticated also.  It is no longer enough to harden access to the network and think you are OK.  Because the bad guys trying to steal your data are using so many different types of attack, effective defense requires a multi-level approach.

Cisco recently acquired SourceFire, and we have adopted their frequent question to customers: “If you knew you were going to be breached, what would you do differently?”  The 2014 Cisco Annual Security Report studied the web traffic of corporate networks and every one had connections to domains that are known malware threat sites or threat vectors – an indication that bad things are on every one of these networks and likely on most networks.  Think about the question again – what would YOU do differently?  That is what we all should be doing.

We recommend looking at the Attack Continuum of  “Before, During, and After” with the following actions for each phase:

  • Before an attack you want to harden your network, to enforce security policies with controlled, segmented access to resources.
  • During an attack you want to defend your network by detecting the threats and blocking them from getting in.
  • After an attack you want to contain the threat, determine the scope of the problem, remediate the damage, and get back to educating students.

The conventional perimeter protections such as firewalls, intrusion prevention, and anti-virus are still part of a good defense in depth framework, but more is now needed.  We offer many parts of the solution, of course, and have experts who work with universities to address their specific security needs. But no matter who you work with, please look carefully at what you can do differently to protect your students and your institution from these new, advanced threats.

Our upcoming whitepaper will focus on some of these trends, challenges and strategies for higher education. You can register to receive the whitepaper as well as a compilation of all the #HigherEdThursdays blog series upon completion.  Reserve your copy now.

Happy #HigherEdThursdays!

Tags: , , , , ,

RATs in Your Data Center

News agencies like ABC News, CNN, and others have run stories on the FBI sting operation against more than 100 hackers who were involved in using and/or distributing the Blackshades RAT (articles in the hyperlinks for reference). For a mere US$40, a novice computer user can become a hacker and gain access to anyone’s computer, including gaining control over their video camera. If this novice hacker in the making needs help operating the RAT, many video instructions can be found on YouTube. This would be a form of free technical support. With over an estimated 500,000 computers infected, that leaves behind a serious footprint of compromised devices. As Marty Roesch, Cisco VP, Security Architect would say, “If you knew you were going to be compromised, would you do security differently?”

With over a half a million computers compromised from a single remote access toolkit, it is reasonable to think that a high percentage of those compromised computers would unknowingly be brought back to work and connected to the corporate network. Although inexpensive, the Blackshades RAT has an extensive set of capabilities such as keystroke logger, web cam control, full file access, etc. More than enough for the cyber attacker to assume the full identity of the owner of the compromised computer to allow them easy access to the business critical servers inside the data center as depicted in the diagram.

Read More »

Tags: , , , , , ,

Cisco Live!: Threat-Centric Security from Networks to Data Centers to Clouds

Security has emerged as a leading pain point for CIOs, executives, and even in the boardroom due to changing business models and growing attack surfaces, a threat landscape that is more dynamic by the day and the increasing complexity of IT environments.

With these challenges as a backdrop, attendees of our 25th annual Cisco Live! event last week in San Francisco absorbed over 170 hours of security-focused material, including hands-on labs, seminars, technical breakouts, panel discussions, and keynotes. This overwhelming amount of time and effort is a testament to Cisco’s commitment to protecting our customers against the latest threats across the full attack continuum—before, during, and after an attack.

In case you could not attend or make a session, particular highlights from the week included Chris Young and Bryan Palma’s keynote (must create Cisco Live account to view) examining the security challenges brought about by the Internet of Everything. Chief architect Martin Roesch also led a session exploring threat-centric security, examining the modern threat landscape, and how threat-centric security increases the effectiveness of threat prevention.

From a product perspective, momentum continued as we announced major updates and new products during Cisco Live! to help our customers address their security needs across the attack continuum with protection from the network to the data center to the endpoint to the cloud.

Read More »

Tags: , , , , , , , ,

Control Without Compromise Through Superior Data Center Protection

The news of high-profile targeted data center attacks has dominated security news recently. But data center attacks are even more prevalent than those headlines suggest. In fact, a survey conducted last summer by Network World suggests that 67 percent of data center administrators experienced downtime due to malware and related attacks in the previous 12 months.

A key challenge is that many of today’s security solutions are simply not designed for the data center, with limitations in both provisioning and performance. The situation will likely get worse before it gets better as data center traffic grows exponentially and data centers migrate from physical, to virtual, to next-generation environments like Software-Defined Networks (SDN) and Application Centric Infrastructures (ACI).

Read More »

Tags: , , , , , , , , , , ,